Some embodiments of the present disclosure are directed to an improved approach for increasing authentication and data security in enterprise applications. More particularly, disclosed herein are techniques for using formatting, checksums, and encryption to detect tampering of a data buffer, and techniques for obfuscating encryption keys.
In the context of enterprise software applications, when a value needs to be stored and/or passed around (e.g., a value being a buffer, a string, an XML data structure, etc.), legacy formatting and data passing techniques allow the stored and/or passed-around data to be read by users. In some cases the stored and/or passed-around data was encrypted, and the encryption keys were held as “secret” so that users or malicious agents were unaware of the actual, unencrypted content being passed around (and also unaware of the actual value of the secret keys). The encrypted data was then often turned into a text string by using (for example) base-64 encoding.
However, some legacy systems employed techniques that passed around data in buffers that could be tampered with, and those techniques were unable to detect such tampering. Even when the techniques included encryption, legacy systems involving enterprise applications distributed as enterprise software programs have relied on keys being stored in the code base of the software programs. Such keys, being stored in the code base of the software programs, could conceivably be hacked by a malicious agent, and the malicious agent could gain access to the cryptographic key and potentially use the data in the buffers for malicious purposes.
Accordingly, advances in techniques to format data into a buffer so as to facilitate detection of data tampering, and advances in techniques to obfuscate keys so as to prevent such tampering, are needed. Further, some legacy enterprise software applications would use standard hexadecimal representations when transforming binary sequences into “HEX” characters (e.g., HEX characters represented with characters 0 to 9 and A to F). However, especially for large payloads, the legacy techniques consumed too many computing cycles for each character converted. Moreover, the aforementioned technologies do not have the capabilities to perform high-performance formatting and checksums to detect tampering of a data buffer.
Therefore, there is a need for improved approaches for implementing data security in enterprise applications.